|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.hadoop.hbase.security.access.AccessControlLists
public class AccessControlLists
Maintains lists of permission grants to users and groups to allow for
authorization checks by AccessController
.
Access control lists are stored in an "internal" metadata table named
_acl_
. Each table's permission grants are stored as a separate row,
keyed by the table name. KeyValues for permissions assignments are stored
in one of the formats:
Key Desc -------- -------- user table level permissions for a user [R=read, W=write]
Field Summary | |
---|---|
static byte[] |
ACL_GLOBAL_NAME
|
static char |
ACL_KEY_DELIMITER
Delimiter to separate user, column family, and qualifier in _acl_ table info: column keys |
static byte[] |
ACL_LIST_FAMILY
|
static String |
ACL_LIST_FAMILY_STR
Column family used to store ACL grants |
static byte[] |
ACL_TABLE_NAME
|
static String |
ACL_TABLE_NAME_STR
Internal storage table for access control lists |
static HTableDescriptor |
ACL_TABLEDESC
Table descriptor for ACL internal table |
static String |
GROUP_PREFIX
Prefix character to denote group names |
static String |
SUPERUSER_CONF_KEY
Configuration key for superusers |
Constructor Summary | |
---|---|
AccessControlLists()
|
Method Summary | ||
---|---|---|
static String |
getGroupName(String aclKey)
Returns the actual name for a group principal (stripped of the group prefix). |
|
static boolean |
isGroupPrincipal(String name)
Returns whether or not the given name should be interpreted as a group principal. |
|
static
|
readPermissions(DataInput in,
org.apache.hadoop.conf.Configuration conf)
Reads a set of permissions as Writable instances
from the input stream. |
|
static void |
writePermissions(DataOutput out,
com.google.common.collect.ListMultimap<String,? extends Permission> perms,
org.apache.hadoop.conf.Configuration conf)
Writes a set of permissions as Writable instances
to the given output stream. |
|
static byte[] |
writePermissionsAsBytes(com.google.common.collect.ListMultimap<String,? extends Permission> perms,
org.apache.hadoop.conf.Configuration conf)
Writes a set of permissions as Writable instances
and returns the resulting byte array. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String ACL_TABLE_NAME_STR
public static final byte[] ACL_TABLE_NAME
public static final byte[] ACL_GLOBAL_NAME
public static final String ACL_LIST_FAMILY_STR
public static final byte[] ACL_LIST_FAMILY
public static final HTableDescriptor ACL_TABLEDESC
public static final char ACL_KEY_DELIMITER
public static final String GROUP_PREFIX
public static final String SUPERUSER_CONF_KEY
Constructor Detail |
---|
public AccessControlLists()
Method Detail |
---|
public static void writePermissions(DataOutput out, com.google.common.collect.ListMultimap<String,? extends Permission> perms, org.apache.hadoop.conf.Configuration conf) throws IOException
Writable
instances
to the given output stream.
out
- perms
- conf
-
IOException
public static byte[] writePermissionsAsBytes(com.google.common.collect.ListMultimap<String,? extends Permission> perms, org.apache.hadoop.conf.Configuration conf)
Writable
instances
and returns the resulting byte array.
public static <T extends Permission> com.google.common.collect.ListMultimap<String,T> readPermissions(DataInput in, org.apache.hadoop.conf.Configuration conf) throws IOException
Writable
instances
from the input stream.
IOException
public static boolean isGroupPrincipal(String name)
public static String getGroupName(String aclKey)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |